Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa
File:                     fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa (raw, json)
Hash identifier:          txp+8Xuo/lt+YlIhESGwDP6iGxlP87vUh+rojzeo8mM=
Subject key identifier:   9B:39:45:39:E7:67:D3:AA:1C:A4:98:0A:F8:4B:E3:A7:B9:36:6A:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       43D741D25900841A661523243255566D6A786233
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa
Signing time:             Tue 17 Jun 2025 00:21:14 +0000
ROA not before:           Tue 17 Jun 2025 00:21:14 +0000
ROA not after:            Tue 22 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f60:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:d7:41:d2:59:00:84:1a:66:15:23:24:32:55:56:6d:6a:78:62:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 17 00:21:14 2025 GMT
            Not After : Jul 22 23:59:59 2025 GMT
        Subject: serialNumber=3193bdd25b35e5375a6fb3da9bee5f26e8420531fb9b9d5091b48027d9a6a9ab, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:79:e8:c2:d6:d9:52:ea:a3:ea:8f:0c:d5:98:
                    c2:97:84:72:ee:5d:37:a6:ac:86:20:30:19:d8:00:
                    7b:2d:f5:a7:65:1d:6b:58:ab:59:cf:31:9a:20:7f:
                    27:6a:fc:d7:78:8e:92:c3:34:1a:8f:09:59:8b:10:
                    b1:f8:9d:fb:19:83:fe:8e:8b:45:99:25:7d:64:8b:
                    7a:af:b5:c3:4a:84:d6:54:c3:62:3d:2e:42:6f:fd:
                    2a:c1:fd:45:b2:a6:38:af:7d:ac:e2:b7:7b:98:da:
                    14:5b:d2:37:15:e8:9c:41:3d:9c:d1:63:c3:e6:63:
                    37:72:a7:48:c7:ea:f6:27:d4:a5:7d:15:63:0e:d2:
                    5d:cf:c8:e1:3f:5a:ab:a4:36:48:c0:07:c9:36:e6:
                    72:35:84:af:df:bb:ad:d6:5a:ac:88:a0:c5:0c:42:
                    61:07:38:3f:a7:a4:e1:dd:aa:f3:d3:f2:46:8e:87:
                    a8:18:ab:d2:40:4e:cc:79:7c:5c:71:22:f9:2f:24:
                    b4:0e:c1:eb:54:fa:d3:fe:0f:e7:66:6f:f9:d2:87:
                    0c:11:85:84:59:73:76:30:63:ab:c0:88:f8:d6:35:
                    54:d4:8b:f3:3f:bb:09:35:94:84:8b:72:73:45:aa:
                    2c:e2:bd:36:1e:d9:77:5c:c8:dd:f1:4f:27:d2:8b:
                    e6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:39:45:39:E7:67:D3:AA:1C:A4:98:0A:F8:4B:E3:A7:B9:36:6A:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:44:43:4f:c8:97:11:3a:6b:e8:e1:fb:61:c1:0b:05:db:7c:
         dc:6e:6e:d0:ef:16:de:0c:5e:ae:97:e7:6e:11:9a:44:52:53:
         2b:a9:24:29:f0:30:e1:8d:20:9a:df:c5:bc:cb:2f:0d:e2:34:
         0d:7f:68:57:39:df:33:f0:05:ee:41:c9:29:7c:55:fd:fc:db:
         ca:8a:98:34:7b:25:40:0c:9a:4f:7a:c9:ef:7a:33:a1:8d:bb:
         1a:19:59:3c:e0:cd:d0:f4:17:85:76:3a:1b:6c:d1:83:65:9e:
         6e:bd:b6:f0:67:92:1a:96:7a:4d:1a:8b:8a:fb:11:0d:cd:e9:
         49:68:61:f2:3f:bf:e9:32:b8:80:81:33:55:c3:3f:c9:40:4c:
         f7:9f:09:e7:1a:ee:3f:36:2c:f7:a5:93:de:83:cf:00:e5:69:
         bb:4a:ae:c2:09:0d:08:cc:0d:3c:83:4b:df:09:ff:c1:ff:3e:
         7d:a2:86:01:42:3d:f1:a7:3d:2d:82:7a:c6:bf:5e:55:8b:7e:
         fb:7d:4c:ab:63:c5:f2:c0:70:33:40:b8:b1:40:85:63:7e:33:
         b1:75:69:a3:2a:00:92:32:e8:c6:74:61:87:ae:89:67:9c:ab:
         43:4b:5f:9a:c8:bb:c3:0a:20:52:a0:1c:f6:27:ff:9f:08:bf:
         60:5a:43:c8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQ9dB0lkAhBpmFSMkMlVWbWp4YjMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE3MDAyMTE0WhcNMjUwNzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMTkzYmRkMjViMzVlNTM3NWE2ZmIzZGE5YmVlNWYyNmU4
NDIwNTMxZmI5YjlkNTA5MWI0ODAyN2Q5YTZhOWFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLeejC1tlS6qPqjwzVmMKXhHLuXTemrIYgMBnYAHst9adl
HWtYq1nPMZogfydq/Nd4jpLDNBqPCVmLELH4nfsZg/6Oi0WZJX1ki3qvtcNKhNZU
w2I9LkJv/SrB/UWypjivfazit3uY2hRb0jcV6JxBPZzRY8PmYzdyp0jH6vYn1KV9
FWMO0l3PyOE/WqukNkjAB8k25nI1hK/fu63WWqyIoMUMQmEHOD+npOHdqvPT8kaO
h6gYq9JATsx5fFxxIvkvJLQOwetU+tP+D+dmb/nShwwRhYRZc3YwY6vAiPjWNVTU
i/M/uwk1lISLcnNFqizivTYe2XdcyN3xTyfSi+Y/AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUmzlFOedn06ocpJgK+Evjp7k2ahAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiNTc2ZWE3LTcyZDktNGVhZS1hZWU1LWU2MWU2OTgxZGUxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gUDANBgkqhkiG9w0BAQsFAAOCAQEAwkRDT8iXETpr6OH7YcELBdt8
3G5u0O8W3gxerpfnbhGaRFJTK6kkKfAw4Y0gmt/FvMsvDeI0DX9oVznfM/AF7kHJ
KXxV/fzbyoqYNHslQAyaT3rJ73ozoY27GhlZPODN0PQXhXY6G2zRg2Webr228GeS
GpZ6TRqLivsRDc3pSWhh8j+/6TK4gIEzVcM/yUBM958J5xruPzYs96WT3oPPAOVp
u0quwgkNCMwNPINL3wn/wf8+faKGAUI98ac9LYJ6xr9eVYt++31Mq2PF8sBwM0C4
sUCFY34zsXVpoyoAkjLoxnRhh66JZ5yrQ0tfmsi7wwogUqAc9if/nwi/YFpDyA==
-----END CERTIFICATE-----